[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OpenLDAP2 and SASL/Kerberos
>>>>> "GOMBAS" == GOMBAS Gabor <gombasg@inf.elte.hu> writes:
GOMBAS> On Tue, Mar 06, 2001 at 12:47:39PM +0100, Turbo
GOMBAS> Fredriksson wrote:
>> Password for root@BAYOUR.COM: CHROOT:~# ldapsearch -I -b
>> 'dc=com' -p 3389 -h localhost -ZZ dn -v ldap_init( localhost,
>> 3389 ) SASL/GSSAPI authentication started SASL Interaction
>> Please enter your authorization name: root@BAYOUR.COM
>> ldap_sasl_interactive_bind_s: Unknown error additional info:
>> GSSAPI: gss_acquire_cred: Miscellaneous failure; No principal
>> in keytab matches desired name;
GOMBAS> Can the LDAP daemon running in the chroot guess & resolve
GOMBAS> it's fully qualified host name?
Yes it can, that's the first I checked (I remember something about that
in the cyrus-sasl mailinglist archive, but when I went looking for it again,
I couldn't find it).
GOMBAS> If not, it won't be able to find the correct Kerberos key
GOMBAS> in the keytab. Try explicitly setting sasl-host in
GOMBAS> slapd.conf.
Same thing...
--
Turbo __ _ Debian GNU Unix _IS_ user friendly - it's just
^^^^^ / /(_)_ __ _ ___ __ selective about who its friends are
/ / | | '_ \| | | \ \/ / Debian Certified Linux Developer
_ /// / /__| | | | | |_| |> < Turbo Fredriksson turbo@tripnet.se
\\\/ \____/_|_| |_|\__,_/_/\_\ Stockholm/Sweden